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A CURVED BRUNN-MINKOWSKI INEQUALITY FOR THE 
SYMMETRIC GROUP 

WEERACHAI NEERANARTVONG, JONATHAN NOVAK, AND NAT SOTHANAPHAN 


Abstract. In this paper, we construct an injection A x B —»■ M x M from 
the product of any two nonempty subsets of the symmetric group into the 
square of their midpoint set, where the metric is that corresponding to the 
conjugacy class of transpositions. If A and B are disjoint, our construction 
allows to inject two copies of Ax B into M x M. These injections imply a pos¬ 
itively curved Brunn-Minkowski inequality for the symmetric group analogous 
to that obtained by Ollivier and Villani for the hypercube. However, while 
Ollivier and Villani’s inequality is optimal, we believe that the curvature term 
in our inequality can be improved. We identify a hypothetical concentration 
inequality in the symmetric group and prove that it yields an optimally curved 
Brunn-Minkowski inequality. 


1. Introduction 

The classical Brunn-Minkowski inequality may be formulated as follows: given 
two compact nonempty sets A,B C M n , one has 

log \M t \ > (1 — *) log |A| + t log | B | 
for any 0 < t < 1, where 

M t = {(1 — t)a -f tb : a £ A, b £ Bj 

is the set of t -midpoints of A and B, and | • | is Lebesgue measure. If K" is replaced 
by a smooth complete Riemannian manifold with positive Ricci curvature bounded 
below by K > 0, the Brunn-Minkowski inequality can be strengthened to 

(1.1) log \M t \ > (1 - t) log |A| +1 log \B\ + ^-i(l ~ £)d(A, B) 2 , 

where d is the Hausdorff distance and M t the set of points of the form 7 (t) with 7 
a geodesic in X such that 7(0) £ A and 7(1) £ B, see [3] and references therein. 
The heuristic here is that midpoint sets are larger in positively curved space than 
in flat space, and the degree of this distortion is controlled by Ricci curvature. 

Y. Ollivier and C. Villani [4] have shown that a curved Brunn-Minkowski in¬ 
equality analogous to holds for the discrete hypercube equipped with 

the Hamming distance. While the definition of f-midpoints in discrete space is 
somewhat messy, in the case t = 1, at least, it is reasonable to define the mid¬ 
point set M = All /2 of A,B C Z^ to be the collection of to £ Z^ which satisfy 
d(a, to) + d(m, b) = d(a, b) and d(a, to) = d(m, 6) + e, with e £ {—1, 0,1}, for some 
(a, b) £ Ax B. Adopting these definitions, Ollivier and Villani proved the following 
curved Brunn-Minkowski inequality for the hypercube [H Theorem 1], 
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Theorem 1.1. For any nonempty sets A, B C Z^, 

log \M\ > i log \A\ + ^ log \B\ + y d(A, R) 2 , 

where K — 

Ollivier and Villani moreover verify that the dependence of K on N in their result 
is optimal. As discussed in [4] , this result supports the statement that the “discrete 
Ricci curvature” of Z^ is of order IV -1 . 

For any n > 2N, there is an injective group homomorphism 

Z" —> S(n) 

from the IV-dimensional hypercube into the symmetric group of rank n determined 

by 


ei i —y (11 —y 2) 
e 2 n (3 n 4) 


ejy (2iV - 1 2N), 

where £ Z^ is the bitstring in which all bits are zero except the *th bit, and 
(2i — 1 1 —>• 2 i) £ S(n) is the transposition which swaps 2 i and 2i — 1. If one equips 
S(n) with the metric induced by the word norm corresponding to the conjugacy 
class of transpositions, this injection is an isometric embedding of Z^ in S(n). 
It is thus natural to seek an extension of Theorem |1.1| to the symmetric group, 
viewed as a metric space in this way. In this paper, we prove the following curved 
Brunn-Minkowski inequality for S(n). 

Theorem 1.2. For any nonempty sets A,B C S(n), 


log \M\ > i log \A\ + 1 log \B\ + jd(A, B) 2 , 

where K = ■ 

The Brunn-Minkowski inequality presented in Theorem |1.2| is only slightly curved, 
and we believe that Theorem 


1.2 


in fact holds with K = c a positive constant. 
Although we do not prove this, we identify a hypothetical concentration inequality 
in the symmetric group which generalizes the hypercube concentration inequality 
of Ollivier and Villani [U Corollary 6], and demonstrate that it implies an optimally 
curved Brunn-Minkowski inequality for the symmetric group. 
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Figure 1. The Cayley graph of 5(4). 

2. Symmetric Group Basics 

In this section we fix basic notation and terminology concerning the symmetric 
group S(n). We identify S(n) with its right Cayley graph as generated by the 
conjugacy class of transpositions. Thus a, b, c, € S(n) are the vertices of our 
graph, and {a, b} is an edge if and only if a~ 1 b fixes all but two points of {1 ,..., n}. 
In this way S(n) becomes a graded graph: it decomposes as the disjoint union 

n— 1 

5(n) = □ L r . 

r =0 

where L r is the set of permutations which factor into exactly n — r disjoint cycles; 
each L r is an independent set; and, finally, there exists an edge between L r and 
L r > if and only if \r — r'\ = 1. Figure [I] shows the case n = 4. 

Each level L r of S(n) further decomposes as the disjoint union 

Lr = |_| Ca> 

Abn 

£(\)=n—r 

where the union is over partitions A of n with n — r parts, and C\ is the set of 
permutations with cycle type A. The sets C\ are the conjugacy classes of S(n). 

In this paper we make use of a decomposition of S(n) which is finer than the 
usual decomposition into conjugacy classes. Given p £ 5(n), factor p into disjoint 
cycles, and present each cycle so that its leftmost element is its minimal element. 
That is, each cycle of p is presented in the form 


(*1 1 —^ *2 1 —^ *3 1 —^ - - - )j 
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where i\ < min{i 2 , * 3 , • ■ • Next, list the cycles of p from left to right in increasing 
order of their minimal elements. Thus p is presented in the form 


P = (*1 '->• *2 1-t *3 . . . )(j 1 j 2 J 3 . . . )(fci h-J- k 2 HA fc 3 hA , 

where i\ < ji < k\ < .... We call this the ordered cycle factorization of p. Figure 
[T] displays the elements of 5(4) using their ordered cycle factorizations. We refer 
to the vector 


(ii,ji,k u ...) 

as the sequence of cycle minima of p. The vector 


of cycle lengths 


(Pl,P 2,^3,-•■) 


P = (*1 *2 !->■ h .. .)(ji ha j-2 ha j 3 ha .. .)(ki HA- k 2 ha k 3 HA- , 

s -V-" "-V- - 1 s -v-' 

length length length /X3 

in the ordered cycle factorization of p is a composition of n which we call the ordered 
cycle type of p. We denote by £(n) the number of parts of /r, so that r = n — £{p) 
if p £ L r . Given two permutations p,p' of the same ordered cycle type, there is a 
unique permutation u which both conjugates p into p' and transforms the sequence 
of cycle minima of p into that of p'. 

Given a composition p 1= n, we denote by the set of all permutations whose 
ordered cycle type is p. Then each conjugacy class C\ in S(n) decomposes as the 
disjoint union 


n 

where p ranges over all compositions obtained by permuting the parts of A. For 
the symmetric group 5(4), the successive decompositions we have discussed are 

5(4) = Lq U Li U L 2 U L$ 

= £7(1,1,1,1) LI C(2,1,1) L C( 3; 1) U (7(2,2) L (7(4) 

= (7(1,1,!,!) L (7(2,1,1) U (7(1,2,1) u (7(1,1,2) u (7(3,1) U (7(1,3) L (7(2,2) L (7(4). 

Each class C p contains a canonical permutation which acts by cyclically per¬ 
muting the first pi positive integers in the canonical way, cyclically permuting the 
next p 2 positive integers in the canonical way, and so on. Given p £ (7^, we denote 
by Up G S(n) the unique permutation which both conjugates to p and transforms 
the sequence of cycle minima of p ^ into that of p. 

We equip S(n) with the graph theory distance d. Thus level L r in the Cayley 
graph coincides with the sphere of radius r centred at the identity permutation 
e € S(n). The following properties of d are easily checked: 
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d(a,b) = d (pap^ 1 jpbp^ 1 ) 

= d (ab~ 1 ,e) 

= d(e, a~ l b) 

= d (ap, bp) 

= d {pa,pb). 

In particular, the diameter of the Cayley graph is 

max{d(a, b) : a,b £ S(n)} = max{d(e,p) : p £ S(n)} = n — 1 . 

We have already mentioned the fact that the set of permutations which lie on 
a geodesic path from the identity permutation e to an involution v is isometrically 
isomorphic to a hypercube whose dimension is half the size of the support of v. We 
will also make use of the fact that a permutation lies on a geodesic path from e 
to a forward cycle / if and only if it is a product of forward cycles which together 
induce a noncrossing partition of the support of /. A proof of this folklore result 
may be found in [51 Lecture 23]. 

3. Midpoint Calculus 

In this section, we generalize the encoding/decoding formalism of Ollivier and 
Villani from the hypercube to the symmetric group. Where possible, we try to be 
consistent with the notation and terminology of [5] . 

3.1. Crossovers. Let (a, b) £ S(n) x S(n) be a pair of permutations, and let 
M(a,b) be the corresponding midpoint set. Our first observation is that M(a,b) 
is the isometric image of a “standard” set of midpoints. More precisely, let p be 
the ordered cycle type of a~ l b, and let Cr(p) denote the set of midpoints of e, 
the identity permutation, and p M , the canonical permutation of ordered cycle type 
/i. Adopting the terminology of [3], we call the elements of Cr(/r) crossovers , or 
p-crossovers to be precise. Consider the function 


defined by 


S(n) —> S(n) 


x au a -i b xu a l lb , 

where u a -i b is the unique permutation which conjugates p M to a~ 1 b and transforms 
the sequence of cycle minima of into that of a~ 1 b. This function is an isometry, 
being composed of rotation by u a -\ b followed by translation by a. Moreover, under 
this mapping 


e4o, p^ i—^ b. 

Thus the mapping restricts to a bijection 

Cr (p) —> M(a,b). 

We write 


<p c (a,b) = au a -i b cu a l lb , 
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and view 


<p c (a,b), c £ Cr(/i) 

as a parameterization of the locus M(a,b) by a “standard” set of midpoints. Fol¬ 
lowing the terminology of [3], we call ip c (a,b) £ M(a,b) the midpoint of a and b 
encoded by the crossover c £ Cr(p). 

3.2. Duality. There is a natural geometric operation on crossovers: we view a 
crossover as the lower half of a geodesic path from the identity to the canonical 
permutation with a given ordered cycle type, and map it to the corresponding 
upper half. More precisely, given c £ Cr(/z), its dual c v is defined by 

v —1 
c := c p^. 

We now establish some technical properties of the operation c H > c v which will 
be needed below. First is the basic but important closure property. 

Proposition 3.1. Cr(/z) is closed under taking duals. 

Proof. Let c be a midpoint of e and p M ; we have to check that c v is a midpoint of 
e and p^. We have 


d(e,c v ) = d(e,c 1 p li ) = d(c,p M ) 

and 

d(c v ,p M ) = d (c _ 1 p M ,p M ) = d(c _1 , e) = d(e,c). 

Thus 

d(e,c v ) + d(c v ,p M ) = d(e, c) +d(c,p M ) = d(e,p M ), 

and 


d(e,c v ) - d(c v ,p /i ) = d(c,p,J - d(e,c) = e 
with £ £ { — 1 , 0 , 1 }, as required. □ 

Note that while the map Cr(p) —► Cr(/x) defined by c c v is bijective, it is not 
involutive: the dual of the dual of c is c conjugated by pf 1 . For future use, we 
extend the duality operation from points to sets: given C C Cr(/x), we define 


C v := { C v : c £ C}. 

Next is the following important property of crossover duals. 

Lemma 3.2. If c £ Cr(/x), then c _ 1 c v has both the same ordered cycle type and 
the same sequence of cycle minima as p M . 

Proof. First note that c - 1 c v = c~ 2 p /i . Since c lies on a geodesic path linking e to 
each cycle of c is a subcycle of some cycle of Since the cycles of p M are intervals, 

our task reduces to proving the following general statement: whenever c\Ci ■ ■ ■ is 
a product of forward cycles which induce a noncrossing partition of { 1 ,..., k}, the 
product 


c 1 2 c 2 2 • • • (1 i->- .. . i-a k) 
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is a cyclic permutation of the numbers 1 ,,k. If this statement holds, then left 
multiplication of by c~ 2 will change neither the cycle structure nor cycle minima 
of 

Note that we can assume each cycle c r is of length at least two. Suppose that 
the first cycle, Ci, is 


ci = (ii z 2 i kl ), 

where 1 < i\ < < • • • < i kl < k. Let us write the full forward fc-cycle in the form 

(1 i—> ... H> k) = (i\ !-> I\ H> *2 i—> I 2 H > ■ ■ ■ H> i kl l— ^ 

where the /*’s are intervals. Since 


(ii 1 —> I\ t—> *—> I 2 ^ t ik 1 l— t Ik 1 ) -(il4...4 *fci)(Il ^ I\ ) if 2 Ht 12 ) • • ■ ( ik 1 l— t 

we have 


(ii 1—^ ... 1 —> i kl ) 2 (1 ... ha k) = (*i 1 —t ... 1 —> i kl ) 1 (*i 1 —>• -Ii )(*2 H > I2 ) • • • (*fc 1 

= (*fci | —> • • • | —t *l)(*fei | —> Ifci) ■ • ■ (*2 H> ^2)(*1 t -II) 
= (*fci l— >■ -Ifci 1 —- - - 1 —*2 1 —^ -^2 1 —^ *1 1 —^ ^l)- 

Now, since the cycles Ci,C 2 ,... induce a noncrossing partition of {1,the 
cycle C 2 is contained in one of the intervals 1 1 ,.. •, I kl + 1 - Thus the same argument 
applies to compute 


c 2 2 (*fci l— t Iki 1 —^ - - • 1 —^ *2 1 —^ T2 1 —>• 1 —> Ti). 

□ 

3.3. Encoding. The duality operation has been introduced, and its basic proper¬ 
ties developed, in order to make available a structured means of encoding pairs of 
midpoints using crossovers. To this end, we introduce the mapping 


defined by 


Cr(p) —► AI(a,b) x M(a,b) 


c H> <f> c (a, b) := (<p c (a, b),<p c v (a, b)). 

Thus (x,y) = <f> c (a, b) is the pair of midpoints of a and b encoded by c and c v . 
The duality relationship between c and c v induces algebraic and geometric rela¬ 
tions between the pairs (a, b) and (a:, y) which may be collectively called duality of 
midpoints. 

Proposition 3.3. If (x,y) = d > c (a,b), then: 

(1) x~ 2 y has the same ordered cycle type and sequence of cycle minima as a~ 1 b; 

(2) a and b are midpoints of x and y; 

(3) U x — ly U a — l^Vj C —l C W. 

Proof. Let us prove these assertions in order. 
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(1) First, we have 

x~ x y = ((fi c (a,b))~ 1 (ip c v(a,b)) 

= (au a -i b cu~l lb )- 1 {au a -i b c'u~l lb ) 

-1 V -1 

= U a -i b C c u a _ lb , 


Let /i be the ordered cycle type of a _ 1 6 . By definition, u a -i b conjugates 
Pfj, into a _1 6 and transforms the sequence of cycle minima of p M into that 
of a~ 1 b. By Lemma 3.2 c - 1 c v has both the same ordered cycle type and 
sequence of cycle minima as p ll . Thus, u a -i b c~ 1 c s/ u~} lb has both the same 
ordered cycle type and sequence of cycle minima as a~ 1 b. 

(2) We now show that a and b are midpoints of x and y. Since 


and 


a 1 x = a 1 {au a -i b cu a } lb ) = u a -i b cu a } lb 


y 1 b= (au a -i b c v u a l lb ) x b 

= (ciU a -l b C P^^a-i b ) ^ 

= ( au a -i b c~ 1 u~l lb u a -i b p IJ ,u~l lb )~ 1 b 
= ( au a -i b c~ 1 u~} lb a~ 1 b)~ 1 b 
= {b~ 1 au a -i b )c{b~ 1 au a -i b y 1 , 

both a _1 x and y~ x b are conjugates of c. By the conjugation invariance of 
d we thus have 

d(e, a~ 1 x) = d(e, c) = d(e, y _ 1 6 ), 

whence 


d(a,x) = d(e, c) = d {y,b). 

Similarly, since 

a~ 1 y = a _1 (azi a -if,c v u“i lfe ) = u a -i b c v u~} lb 

and 

x~ l b = ( au a -i b cu~} lb )~ 1 b 
= u a -i b c~ 1 u~l lb a~ 1 b 
= u a -i b c y p~ 1 u~l lb a~ 1 b 
= u a -i b c v (u~} lb {a~ 1 b)~ 1 u a -i b )u~} lb a~ 1 b 
= u a -i b c v u~} lb , 

both a~ 1 y and x~ l b are conjugates of c v , and we have 
d(a, y) = d(e, c v ) = d(x,&). 

Now, since x~ x y has the same ordered cycle type as a~ l b, we have 


d(x, y) = d(a, b) = d (e,p M ). 
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Putting this all together, we have 


and 


d(a;, a) + d(o, y ) = d(e, c) + d(e, c v ) 
= d(e,c) + d(c,p M ) 
= d (e,p M ) 

= d (x,y), 


d(a;, a) — d(a, y ) = d(e, c) — d(e, c v ) 

= d(e,c) - d(c,p M ) 

= e, 

where e G {—1,0,1} because c is a midpoint of e and p At . Thus, a is a 
midpoint of x and y. The proof that b is a midpoint of x and y is just the 
same. 

(3) Finally, we prove the identity 


'^'x~ 1 y ^a~ 1 b^'c~ 1 c v 5 

which will be needed below in the proof of Proposition |3.4| Since 


X l y = (au a -i b cu a l lb ) 1 (au a -i b c y u a l lb ) 
'U j a~ 1 bC C ^ J a~ 1 b 
'U j a~ 1 b'U J c- 1 c v P ll^c-IqV ^‘ a ~ 1 b 
= (^a -1 b^c -1 c v ^)Vfi{V J a~ 1 b'^ j c~ 1 c s/ ) 1 


we have that u a -ii,u c -i c v conjugates into x~ l y. This is one of the two 
properties that uniquely defines the permutation u x -i y , the other being that 
it transforms the sequence of cycle minima of p^ into the sequence of cycle 
minima of x~ l y. Since u c - i c v stabilizes the sequence of cycle minima of p^ 
(by Lemma 3.2), conjugation of p^ by it a -if,u c -i c v produces a permutation 
whose sequence of cycle minima coincides with that of a -1 6, and hence with 
that of x~ 1 y by Part (1). 

□ 


3.4. Decoding. Our constructions so far may be thought of in cryptographic 
terms, as follows. Alice and Bob wish to transmit messages to one another across an 
insecure channel. They meet at a secure location, and agree on a composition /ifn 
and a crossover c G Cr(/r) to be used as a secret encryption key. Alice and Bob then 
return to their respective locations on opposite ends of the channel. The plaintext 
messages to be transmitted are pairs (a, 6) G S(n) x S(n) such that a~ 1 b G C^. 
To send the message (a, b) to Bob, Alice computes the ciphertext (x,y) = 4> c (a, b) 
and transmits it to Bob across the channel. Bob receives the ciphertext (x,y), and 
wishes to recover the plaintext message. Our next result proves that there is a 
well-defined decryption key 5(c) such that ( a,b ) = < f> 5 ( c )(x, y) — in fact, the proof 
explains how to compute <5(c). 
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Proposition 3.4. For each composition p\- n, there exists a function 

6^ : Cr (p) —> Cr(p) 

such that 


®5^c)($c(a,b)) = (a,b) 

holds for all c £ Cr(//) and each ( a,b) £ S(n)xS(n) verifying a~ 1 b £ C M . Moreover, 
this function is an involution. 


We call the function 5^ of Proposition 3.4 the decoding function of type p. In 
order to lighten the notation, we will henceforth omit the dependence of S on p. 


Proof. Fix a composition p\= n. We claim that the corresponding decoding function 
is given by 


6(c) . U c _i c \,C U c — i c v. 

First, let us check that the codomain of S is indeed Ci~(p), i.e. that 6(c) is in fact 
a midpoint of e and p „. We have 


d (e,6(c)) = d(e,uf} 1( . v c~ 1 u c -i c v) 
= d(e, c -1 ) 

= d(e,c) 


d(5(c),p M ) = d(w“_ 1 lc vC _1 u c -i c v,p At ) 

= d(W 1 ,u c -i c vp M M“_ 1 lc v) 

= d(c _1 , c _1 c v ) 

= d(e, c v ) 

= d(e, c~ 1 p fl ) 

= d(c,p M ). 

Thus, since c is a midpoint of e and p^, we have 

d(e,6(c)) + d(6(c),p^) = d(e, c) + d(c,p M ) = d(e,p M ) 

and 

d(e, <5(c)) - d(d(c),p M ) = d(e,c) - d(c,p M ) = £ 
with e £ { — 1, 0,1}. 

Next, let (a,b) £ S(n) x 5(n) be a valid plaintext, i.e. a pair of permutations 
such that a~ 1 b £ Cf, and let (x,y) = 4> c (a,6) be the corresponding ciphertext. We 
then have 

x = <p c (a, b) = au a -i b cu~} lb 
y = ip c (a, b) = au a -i b c v u~l lb , 
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By Proposition |3.3| Part (1), we may re-encode (x,y) using 5(c) as an encryption 
key, arriving at a new ciphertext (x',y') = <f>sr c )(x,y)- We claim that this re¬ 
encoding decrypts (x,y), i.e. that ( x',y') = (a, b). Indeed, 


x ' = l P6(c)( x ,y) 

= xu x -i y 5(c)u~l ly 


= a, 


where we made use of Proposition 


3.3 


Part (3). Similarly, we have 


y’ = V5( c) v {x, y) 

= xu x -i y 5(c) v u^ ly 

(arA a —)(w a - 1 i c v )(w c _ i c vc u c —i c v) (?x a —i^t£ c —i c v) 

(drA a — (u a — l frZZ c - 1 c v ) (w c -i c v C'U‘c— 1 c v P[i) (^ J a~ 1 b^’c~ 1 c v ) 
urA a — u c - ic v P^ri c _i cV U a ~i^ 
dUg^-i^Ce ^ a~ 1 b 
^^a~ 1 bPfi^'a~ 1 b 

= b. 

It remains to show that 

5 : Cr (fj.) —» Cr(/i) 

is an involution. Let c be a /z-crossover, let (a, b) be a valid message, and consider 
the triple encoding 


$i5 2 (c)($c5(c)($c(a, b))). 

Since 5(c) is the decryption key corresponding to the encryption key c, we have 
$5 2 (c)($5(c)($ c (a,6))) = $a2( c )(a, b). 

On the other hand, since 5 2 (c) is the decryption key corresponding to the encryption 
key 5(c), we also have 


$<5 2 (c)($,5(c)($c(a,6))) = $c(a,b). 

Thus < h < 5 2 ( c )(a,b) = <P c (a,b), which readily implies 5 2 (c) = c. 


□ 


4. The Brunn-Minkowski inequality 

4.1. Without a curvature term. We now put our encoding-decoding formalism 
to work. We begin by proving the “flat” Brunn-Minkowski inequality for S(n). 

Theorem 4.1. For any nonempty A,B C S(n), we have 

log \M\ > i log \A\ + ilog|B|, 
where M is the midpoint set of A and B. 
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Proof. Suppose that there exists an injection 


Then 


<3> : A x B 


M x M. 


\m\ 2 >\a\\b\, 

and taking logs this becomes 

log \M\ > ~ log |.A| + ilog|B|. 

To construct such an injection, let pi,..., p m be an enumeration of the ordered 
cycle types of the permutations 

a~ 1 b, (a, b) £ A x B. 

For each 1 < i < to, choose an encryption key Ci £ Cr(^), and let di = 6(ci) be 
the corresponding decryption key. 

Partition Ax B into classes 


Ci = {(a,b) £ A x B : a 1 b£C fl .}, 1 < i < m, 

and consider the map 


4> : A x B —> M x M 

whose restriction to each Ci is given by encryption using key cp. 

<F(a,6) = $ Ci (a,b). 

We claim that <f> is injective. Indeed, if 

<F(a,6) = 

for some (a, 6), (a' ,b') £ Ax B, then we must have (a, b), (a', b') £ Ci for some 
1 < * < m by Proposition |3.3[ Hence 

(a, b) = $ di ($ Ci (a,6)) = $ di ($ Ci (a',6')) = (a',b'), 
by Proposition |3.4| □ 

4.2. With a curvature term. Theorem |4.1| above was proved by injecting Ax B 
into M x M. The injection used was a straightforward application of the formalism 
of encoding and decoding developed above. We now obtain the curved Brunn- 
Minkowski inequality stated as Theorem |1.2| in the introduction by injecting two 
copies ofAxB into M x M. The construction of the required injection involves a 
subtler use of encoding/decoding: the proof requires choosing two parallel sequences 
of encryption keys which are coupled in a special way. 

Theorem 4.2. For any nonempty A,B£ S(n), we have 

log \M\ > l log |A| + i log \B\ + |d (A, B) 2 
where M is the midpoint set of A and B and 
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4 log 2 

1 (n - l) 2 ' 

Proof. First note that if d(A, B) = 0, the claimed inequality degenerates to the flat 
Brunn-Minkowski inequality, which we have already proved. We thus assume that 
A and B are disjoint. 

Suppose that there exists an injection 

<F : A x B x {0,1} —> M xM. 

Then 


\M\ 2 >2\A\\B\, 

and taking logs this becomes 

log \M\ > ^ log \A\ + ^ log \B\ + 1 °| 2 . 

The desired inequality now follows from the fact that the diameter of S(n) is n — 1. 

In order to construct $ as required, let fi\, ... , /j. m and C\,..., C m be as in the 
proof of Theorem |4.1[ Choose a system of encryption keys 

Cj £ Cr(/ij), 1 < i < m, 

and consider a second system of encryption keys obtained from the first system by 
setting 


Ci := S(S(cj) v ), 1 < i < m. 

The keys c.i are defined in this way so that, by the involutive property of S, their 
corresponding decryption keys are the duals of the decryption keys of the first 
system: 


(4.1) S(c x ) = 6(a) v . 

We build <I> from the above data as follows. First, partition Ax B x {0,1} into 
the 2 to sets 


= {( a,b,j ) : a 1 b £ Ci}, 1 < i < m, 0 < j < 1. 
Aj) 


We define $ by declaring its restriction to C) 1 to be 
<F(a,6, j) := 


$ Ci (a,b ), if j = 0 
$ gi (a,6), if j = 1 
We now prove that $ so defined is an injection. Suppose 


Or, y) £ M x M, (a, b , j) £ cf :1 , (a', b',f ) £ Cp 


are such that 


(x,y) = $(a,b,j) = ${a!,b',j'). 

Then, by the first part of Proposition |3.3[ we must have i = i'. We claim that also 
j = j'. If not, then (relabelling if neccessary) we have 
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(x, y) = 4>(a, b, 0) = <b(a 7 , b', 1), 

so that 


(x, y ) = <h Ci (a, b) = <J> gi (a 7 , b'). 

Decoding, we obtain 

( a i b) = $«(<*) 2/) = (^( Ci )(®>2/)> V«( Ci )v(a;,y)) 

and, using (4.1 1, 

(o',6') = <&s(ci){x,y) = {V8(c i y{x,y),ip 5 (c i y(x,y)). 

This implies a' = b, which is impossible since A and B are disjoint. 

There are now two cases: j = j' = 0 and j = j' = 1. In the first case, we have 


4> c . (a, b) = <E>(a, b, 0) = 4>(a 7 , 0) = 4> c . (a 7 , 6 7 ), 


whence 


(a, b) = 4>5 (ci )(3 > c i («, b)) = $ 5(c . ) (4> Ci (a 7 ,6 7 )) = {a',b'). 
In the second case, we have 


$ £i (a, b) = 4>(a, 6,1) = 4>(a 7 , b ', 1) = (o 7 , 6 7 ), 


whence 


(a,b) = $5(ci)( $ ci(a, 6)) = 4> 5 (a i )(4>£ i (a 7 , 6 7 )) = (a 7 ,6 7 ). 

□ 

4.3. With an optimal curvature term. We conjecture that the curved Brunn- 
Minkowski inequality proved in Theorem |4.2| can be improved to the following 
optimal statement. 

Conjecture 4.3. For any nonempty A, B C S(n), we have 

log \M\ > i log |A| + i log \B\ + yd(A, B) 2 
where M is the midpoint set of A and B, 


and c is a positive constant. 

While we are at present unable to prove Conjecture |4.3[ we show here that it is 
implied by the following conjectural concentration inequality. 

Conjecture 4.4. There exists a positive constant e > 0 such that, for any p\= n, 
we have 


d(C, C v ) > r => P(C)<e - ^), 
where P is the uniform probability measure on Cr(/j). 
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Remark. In the case where p = (pi,P 2 , ■ ■ ■) satisfies p t £ {1,2}, Conjecture 4.4 
is true — via the embedding of the hypercube described in the Introduction, it is 
equivalent to Corollary 6 in [|]. 


We now explain how Conjecture |4.3| can be deduced from Conjecture |4.4| This 
argument, which lifts the proof of [1, Theorem 1] from the hypercube to the sym¬ 
metric group, differs substantially from the proofs of Theorems |4.1| and 4.2 To 


prove these coarser results, we used static encoding to construct our injections, i.e. 
a predetermined list of encryption keys. Here, we use an adaptive coding scheme 
in which all crossovers associated to Ax B are employed. 


Theorem 4.5. Suppose that Conjecture \4-4\ is true. Then, for any nonempty 
A, B C S(n), we have 


log \M\ > i log |A| + \ log \B\ + jd(A, Bf 


where M is the midpoint set of A and B and 

K= 4£ 


n — 1 


Proof. Let p i,..., p m and C i,..., C m be as in the proof of Theorem 4.1 Put 

Ui := Ct x Cr(pi), 1 < i < m. 

These sets are pairwise disjoint, but note that they are not subsets of A x B. Rather, 


U := □ Ui 

i=1 

is an “enriched” version of A x B in which each pair (a, b) £ Ci appears with 
multiplicity |Cr(/ij)|. 

Consider the map 


defined by 


4- : U 


M x M 


4>(a, b, c) := 4> c (a, b). 

By Proposition |3.3[ we know that the image of Ui under $ is contained in 


Vi := {(x,y) £ M X M :x 1 y £ C^}. 
The sets V \,..., V m are disjoint, and 


< \M x M\. 

»=l 

Fix an arbitrary i £ {1 ,... ,m}, and an arbitrary pair of midpoints (x,y) £ V.- 
By definition, (a, b, c ) £ Ui maps to (, x , y) under 4> if and only if 


$ c(a,b ) = {x,y), 

which by Proposition |3.4| is equivalent to 
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®5(c)(x,y) = {a,b). 

Thus the cardinality of the fibre of $ over ( x , y) agrees with that of the set 

D(x,y ) := {d e Cr(/q) : $ d (%,y) £ Q}- 
Now let d\,d2 £ D(x,y). Then, by definition, 

Vd x (x, y) £ A, (x, y ) £ B. 

Because the map 


d i-a <pd(x,y) 

is an isometry, this implies 

d(di, c?2 ) = > d(A, B), 

and hence 


d {D(x,y) 1 D(x,y) v ) > d (A,B). 

Hence, assuming Conjecture |4.4[ we have that 

ed(A,B ) 2 ed(A,B ) 2 

\D(x,y)\<e | Cr(/Xj)| < e — 1 | Cr(^)|. 

Summing over all (x, y) £ V we thus obtain 


\Ui\ < Cr(/ij)||Vi|. 


Since \Ui\ = |Cj|| Cr(/ij)|, this implies 


ed(A,B ) 2 

\Ct\ <e - ^~\V\. 


Summing over 1 < i < m, we get 


7 ri 0 rn 

E ed(A,B) % 

\Ci\ < e ^ \Vi\, 


i—l 


i—l 


whence 


ed(A,B) 2 

\A x B\ < e- M x M\. 

Taking logs, we obtain the curved Brunn-Minkowski inequality with 

4e 


K = 


n — 1 


□ 
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